By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Take a hard look at who has access to sensitive data and whether those accesses are appropriate. The audit function should also monitor systems and insiders to detect illicit activity. Review audit trails searching for security events and abuse of privileges. Verify directory permissions, payroll controls and accounting system configurations. Confirm backup software is appropriately configured and backups complete without error. Review network shares for sensitive information stored with wide-open permissions. Conduct office space reviews to determine if security policies and procedures are followed in practice (e.g. sensitive material is not left unattended, workstation screens are locked and laptops are secured). Ensure accesses are systematically rescinded when personnel leave the organization or their role changes. Obtain a list of current personnel from human resources and compare it to active accounts (e.g. network accounts, remote access and local accounts on servers). Stand-alone applications must be checked as well (e.g. voicemail and company directories). Review physical security access logs. Pay particular attention to employee visits after-hours and on the weekends. If suspicious activity is detected, cross reference video surveillance feed and system audit trials. Conduct the assessments identified above at least quarterly. Automate auditing as much as possible to conserve resources and detect security violations as they occur. For more information, see the IIA GTAG Continuous Auditing Guide.

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy